We provide this overview so that you can better understand the security measures we’ve put in place to protect the information that you store using HBTI.
Secure Storage
We encrypt the files that you store on HBTI’s service using the AES-256 standard, which is the same encryption standard used by banks to secure customer data. Encryption for storage is applied after files are uploaded, and we manage the encryption keys.
HBTI uses Microsoft Azure for data storage. Azure stores data over several large-scale data centers. According to Microsoft Azure, they use military grade perimeter control berms, video surveillance, and professional security staff to keep their data centers physically secure.
You can find more information about Amazon’s security at the Azure Web Service’s Services Website.
Secure Transfers
Your files are sent between HBTI’s desktop clients and our servers over a secure channel using 256-bit SSL (Secure Sockets Layer) encryption, the standard for secure Internet network connections.
Your files are sent between HBTI’s mobile App and our servers over a secure channel using 256-bit SSL encryption where supported. Not all mobile media players support encrypted streaming, so media files streamed from our servers are not always encrypted.
Your Data is Backed Up
HBTI and Azure keep redundant backups of all data over multiple locations to prevent the remote possibility of data loss. In the unlikely event that this redundancy were to fail, HBTI folders linked to a desktop computer client will still contain copies of your files.
Privacy
We guard your privacy to the best of our ability and work hard to protect your information from unauthorized access.
HBTI employees are prohibited from viewing the content of files you store in your HBTI account, and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that’s the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.
Third-party Apps
If you choose to access HBTI using third-party applications (“apps”), be aware that those apps utilize their own security protocols and have their own privacy policies. If you’re not comfortable with the privacy and security features of those apps, you shouldn’t use them to access HBTI’s service. For example, third-party apps might not employ encryption when transmitting data, might collect information that HBTI’s service does not, and might use information differently than HBTI’s service does.
I think I’ve found a security exploit. Where do I report security concerns?
We take a number of measures to ensure that the data you store on HBTI’s service is safe and secure. While we’re very confident in our technology, we recognize that no system can guarantee data security with 100% certainty. For that reason, we will continue to innovate to make sure that our security measures are state of the art, and we will investigate any and all reported security issues concerning HBTI’s services or software.